公开(公告)号：US11226977B1

公开(公告)日：2022-01-18

申请号：US16896145

申请日：2020-06-08

Applicant: Splunk Inc.

Inventor： Cory Eugene Burke ,  Jacob Barton Leverich ,  Jeffrey Thomas Lloyd ,  Adam Jamison Oliner ,  Marc Vincent Robichaud ,  Jesse Miller

IPC: G06F16/248 ,  G06F11/30 ,  G06F16/245 ,  G06F16/242 ,  G06F11/34

Abstract: A facility for defining an event subtype using examples is described. The facility displays events identified among machine-generated data. The facility receives user input selecting a first subset of the events as examples of an event subtype. In response to receiving the user input, the facility displays a second subset of the events predicted to belong to the event subtype on the basis of the examples of the event subtype.

公开(公告)号：US20210011925A1

公开(公告)日：2021-01-14

申请号：US16919400

申请日：2020-07-02

Applicant: SPLUNK Inc.

Inventor： Marc Vincent Robichaud

IPC: G06F16/25 ,  G06F16/31 ,  G06F11/32 ,  G06F11/30 ,  G06F11/34

Abstract: First one or more values are extracted from a plurality of events using a first extraction rule. The extracted first one or more values are assigned to a first field of the plurality of events as a first set of field-data item pairs. Second one or more values are extracted from the plurality of the events using a second extraction rule. The second extraction rule identifies the second one or more values and a field label corresponding to the second one or more values in the extracted first one or more values of the first set of field-data item pairs. The extracted second one or more values are assigned to a second field of the plurality of events as a second set of field-data item pairs. The field label extracted using the second extraction rule or a modified version thereof may be assigned to the second field.

公开(公告)号：US10719525B2

公开(公告)日：2020-07-21

申请号：US15630166

申请日：2017-06-22

Applicant: SPLUNK, INC.

Inventor： Divanny I. Lamas ,  Marc Vincent Robichaud ,  Carl Sterling Yestrau

IPC: G06F16/25 ,  G06F16/23 ,  G06F16/2455 ,  G06F16/2458 ,  G06F3/0484 ,  G06F3/0482 ,  G06F16/26 ,  G06F16/9038 ,  G06F3/0481

Abstract: An event limited field picker for a search user interface is described. In one or more implementations, a service may operate to collect and store data as events each of which includes a portion of the data correlated with a point in time. Clients may use a search user interface perform searches by input of search criteria. Responsive to receiving search criteria, the service may operate to apply a late binding schema to extract events that match the search criteria and provide search results for display via the search user interface. The search user interface exposes an event limited field picker operable to make selections of fields with respect to individual events in a view of the search results. In response to receiving an indication of a fields selected via the picker, visibility of selected fields may be updated to control which field and values are included in different views.

公开(公告)号：US20190065541A1

公开(公告)日：2019-02-28

申请号：US16177027

申请日：2018-10-31

Applicant: SPLUNK INC.

Inventor： Divanny I. Lamas ,  Marc Vincent Robichaud

IPC: G06F17/30

Abstract: Event time selection output techniques are described. In one or more implementations, one or more inputs are received, at one or more computing devices, that involve interaction associated with a particular one of a plurality of events via a user interface, in which the plurality of events result from a search of data, each of the plurality of events include the data that is associated with a respective point in time, and the one or more inputs specify a relative time in relation to the respective point in time of the particular event. A determination is made as to which of the plurality of events correspond to the specified relative time by the one or more computing devices and a result of the determination is output by the one or more computing devices for display in the user interface.

公开(公告)号：US10185740B2

公开(公告)日：2019-01-22

申请号：US15011284

申请日：2016-01-29

Applicant: SPLUNK, INC.

Inventor： Divanny I. Lamas ,  Marc Vincent Robichaud ,  Carl Sterling Yestrau

IPC: G06F17/30 ,  G06F3/0482 ,  G06F3/0481 ,  G06F3/0484 ,  H04L12/24 ,  G06F11/07

Abstract: An event view selector for a search user interface is described. In one or more implementations, a service may operate to collect and store data as events and apply a late binding schema to extract events that match the search criteria and provide search results for display via the search user interface. The search user interface exposes an event view selector operable to enable transitions between multiple different views of the events associated with different levels of detail. The views may include at least a raw view, a list view, and a table view. Responsive to receiving an indication of a view selected via the event view selector, the selected view may be exposed via the search user interface.

公开(公告)号：US20180157705A1

公开(公告)日：2018-06-07

申请号：US15885538

申请日：2018-01-31

Applicant: SPLUNK INC.

Inventor： Marc Vincent Robichaud

IPC: G06F17/30

CPC classification number: G06F16/24534 ,  G06F16/2379 ,  G06F16/2477 ,  G06F16/313 ,  G06F16/322 ,  G06F16/338 ,  G06F16/447 ,  G06F16/9537

Abstract: A request is received to display at least a portion of a first events set and at least a portion of a second events set in an interleaved and visually distinct display format, where, in the interleaved and visually distinct display format, the at least a portion of the first events set is displayed in a visually distinct manner from the at least a portion of the second events set, and data from the at least a portion of the first events set is interleaved with data from the at least a portion of the second events set. In response to receiving the request, display is caused, on a user interface, of the at least a portion of the first events set and the at least a portion of the second events set in the interleaved and visually distinct display format.

公开(公告)号：US09977803B2

公开(公告)日：2018-05-22

申请号：US14611018

申请日：2015-01-30

Applicant: SPLUNK, INC.

Inventor： Marc Vincent Robichaud ,  Cory Eugene Burke ,  Jeffrey Thomas Lloyd

IPC: G06F17/30

CPC classification number: G06F17/30315 ,  G06F17/30386 ,  G06F17/30477

Abstract: A search interface is displayed in a table format that includes a plurality of columns, each column including data items of an event attribute, the data items being of a set of events, each column being selectable by a user, and a plurality of rows forming cells with the one or more columns, each cell comprising one or more of the data items of the event attribute of a corresponding column. Based on the user selecting one or more of the columns, a list of options is displayed corresponding to the selected one or more columns, and one or more commands are added to a search query that corresponds to the set of events. The one or more commands are based on at least an option that is selected from the list of options and the event attribute of each of the selected one or more columns.

公开(公告)号：US09922099B2

公开(公告)日：2018-03-20

申请号：US14528951

申请日：2014-10-30

Applicant: Splunk, Inc.

Inventor： Divanny I. Lamas ,  Marc Vincent Robichaud ,  Carl Sterling Yestrau

IPC: G06F17/30 ,  G06F3/0484 ,  G06F3/0482 ,  G06F3/0481

CPC classification number: G06F17/30557 ,  G06F3/04817 ,  G06F3/0482 ,  G06F3/04842 ,  G06F17/30383 ,  G06F17/30477 ,  G06F17/30551 ,  G06F17/30572 ,  G06F17/30991

Abstract: An event limited field picker for a search user interface is described. In one or more implementations, a service may operate to collect and store data as events each of which includes a portion of the data correlated with a point in time. Clients may use a search user interface perform searches by input of search criteria. Responsive to receiving search criteria, the service may operate to apply a late binding schema to extract events that match the search criteria and provide search results for display via the search user interface. The search user interface exposes an event limited field picker operable to make selections of fields with respect to individual events in a view of the search results. In response to receiving an indication of a fields selected via the picker, visibility of selected fields may be updated to control which field and values are included in different views.

公开(公告)号：US20160224625A1

公开(公告)日：2016-08-04

申请号：US14610710

申请日：2015-01-30

Applicant: SPLUNK, INC.

Inventor： Marc Vincent Robichaud

IPC: G06F17/30

CPC classification number: G06F17/30448 ,  G06F17/30064 ,  G06F17/30377 ,  G06F17/30551 ,  G06F17/30616 ,  G06F17/30625 ,  G06F17/30696 ,  G06F17/3087

Abstract: A request is received to display at least a portion of a first events set and at least a portion of a second events set in an interleaved and visually distinct display format, where, in the interleaved and visually distinct display format, the at least a portion of the first events set is displayed in a visually distinct manner from the at least a portion of the second events set, and data from the at least a portion of the first events set is interleaved with data from the at least a portion of the second events set. In response to receiving the request, display is caused, on a user interface, of the at least a portion of the first events set and the at least a portion of the second events set in the interleaved and visually distinct display format.

Abstract translation: 接收到请求以显示交织和视觉上不同的显示格式的第一事件集合和第二事件的至少一部分的至少一部分，其中，在交织和视觉上不同的显示格式中，至少部分 以与视频不同的方式从第二事件集合的至少一部分显示第一事件集合，并且来自第一事件集合的至少一部分的数据与来自第二事件集合的至少一部分的数据进行交织 事件集。 响应于接收到请求，在用户界面上显示在交错和视觉上不同的显示格式中设置的第一事件集合的至少一部分和第二事件的至少一部分。

公开(公告)号：US20160098463A1

公开(公告)日：2016-04-07

申请号：US14526380

申请日：2014-10-28

Applicant: Splunk Inc.

Inventor： Cory Eugene Burke ,  Katherine Kyle Feeney ,  Divanny I. Lamas ,  Marc Vincent Robichaud ,  Matthew G. Ness ,  Clara E. Lee

IPC: G06F17/30 ,  G06F3/0484

CPC classification number: G06F3/04842 ,  G06F3/0482 ,  G06F3/04847 ,  G06F9/451 ,  G06F16/221 ,  G06F16/242 ,  G06F16/2425 ,  G06F16/2455 ,  G06F16/248 ,  G06F16/252 ,  G06F16/951 ,  G06F17/246 ,  G06K9/2054

Abstract: In embodiments of event segment search drill down, a search system exposes a search interface that displays multiple events returned as a search result set. A segment can be emphasized in event raw data of an event that is one of multiple events displayed in the search interface, and a menu is displayed with search options that are selectable to operate on the emphasized segment. The menu includes the search options to add the emphasized segment as a keyword to a search command in a search bar of the search interface, exclude the keyword that represents the emphasized segment from a search, or create a new data search based on the highlighted segment. A selection of one of the search options in the menu can be received, and the search command in the search bar is updated based on the search option that is selected.

Abstract translation: 在事件段搜索向下钻取的实施例中，搜索系统公开了显示作为搜索结果集返回的多个事件的搜索界面。 可以在事件的原始数据中突出显示分段，该事件是在搜索界面中显示的多个事件中的一个，并且显示具有可选择以在被强调的段上操作的搜索选项的菜单。 该菜单包括搜索选项，将强调段作为关键字添加到搜索接口的搜索栏中的搜索命令，从搜索中排除表示强调段的关键字，或者基于突出显示的段创建新的数据搜索 。 可以接收菜单中的一个搜索选项的选择，并且基于所选择的搜索选项来更新搜索栏中的搜索命令。